×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
karampatsis
Engager
Member since: ‎04-02-2020
‎08-10-2024
Community Statistics
Posts 5
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎04-02-2020
Activity Feed
View All

Re: Content Pack for Windows Dashboards and Report...

by in All Apps and Add-ons
‎08-10-2024 08:40 PM
‎08-10-2024 08:40 PM
Tom everything seems to be working fine. Your help was crucial in finding the problem. Thank you very much ... View more

Re: Content Pack for Windows Dashboards and Report...

by in All Apps and Add-ons
‎08-07-2024 08:52 PM
‎08-07-2024 08:52 PM
Does anyone know why eventtype [wineventlog_index_windows] definition= index=wineventlog OR index=main doesn't return something? Am I doing something wrong in the eventtypes.conf file or should I declare it somewhere else as well? Thank you very much ... View more

Re: Content Pack for Windows Dashboards and Report...

by in All Apps and Add-ons
‎08-01-2024 02:17 AM
‎08-01-2024 02:17 AM
Hello Tom, thank you very much for your answer. Τesting the ones you sent me I noticed that if I search for example for: eventtype=wineventlog_index_windows eventtype=wineventlog_security I do not get any results, the same if I make a search for:  eventtype=wineventlog_index. But if I try for : eventtype=wineventlog_security  I am getting results. In eventtypes.conf file in DA-ITSI-CP-windows-dashboards/local folder i made the following changes  [windows_index_windows] definition= index=windows OR index=main [perfmon_index_windows] definition= index=perfmon OR index=itsi_im_metrics [wineventlog_index_windows] definition= index=wineventlog OR index=main   Do you have any idea why this is happening?    When you are writing "definition is correct and shared properly" what exactly do you mean?   Thanks in advance ... View more

Content Pack for Windows Dashboards and Reports da...

by in All Apps and Add-ons
‎07-23-2024 08:47 AM
‎07-23-2024 08:47 AM
Hello, I am using Splunk Enterprise with IT Essentials Work, Windows Addon and Content Pack for Windows Dashboards and Reports. I made all the necessary configurations for Content Pack for Windows Dashboards and Reports but still I can not see any data in dashboards or the reports.  In eventtypes.conf file in DA-ITSI-CP-windows-dashboards/local folder i made the following changes  [windows_index_windows] definition= index=windows OR index=main [perfmon_index_windows] definition= index=perfmon OR index=itsi_im_metrics [wineventlog_index_windows] definition= index=wineventlog OR index=main   The think the problem starts from the fact that eventtypes are not recognized in searches. For example the search  (eventtype=msad-successful-user-logons OR eventtype=msad-failed-user-logons) returns nothing. In eventttypes.conf the above stanza is: [msad-successful-user-logons] search = eventtype=wineventlog_index_windows eventtype=wineventlog_security EventCode=4624 user!="*$"   If i run the search: index=main EventCode=4624 user!="*$" i get results.   Can someone help me to solve the problem?   Thanks [msad_index_windows] search= index=msad OR index=main ... View more
Labels

How to search the chain of users that sent an emai...

by in Splunk Search
‎04-02-2020 03:40 AM
‎04-02-2020 03:40 AM
Hello, My data are like this, sender , receiver, _time userA, userB, _time1 userB, userC, _time2 userB, userD, _time3 userC, userD, _time4 I'd like to find the chain of users that send and receive emails. For example userA->sent to userB-> sent to userC and userD , userC->send to userD my result would be like this userA, userB, userC, userD userA, userB, userD userB, userC, userD userC, userD Can you please help me Thanks in advance ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎08-10-2024 08:42 PM